Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,466
Erlang
33
GitHub Actions
23
Go
2,166
Maven
5,000+
npm
3,830
NuGet
696
pip
3,507
Pub
12
RubyGems
909
Rust
904
Swift
38
Unreviewed advisories
All unreviewed
5,000+

991 advisories

Loading
CWE-668: Exposure of the Resource Wrong Sphere vulnerability exists that exposes a SSH interface... Moderate Unreviewed
CVE-2024-5313 was published Jun 12, 2024
IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web... Moderate Unreviewed
CVE-2024-22333 was published Jun 13, 2024
Windows MSHTML Platform Spoofing Vulnerability High Unreviewed
CVE-2024-38112 was published Jul 9, 2024
An Exposure of Resource to Wrong Sphere vulnerability in the sampling service of Juniper Networks... Moderate Unreviewed
CVE-2024-39553 was published Jul 11, 2024
A partial fix for  CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of... Moderate Unreviewed
CVE-2024-40725 was published Jul 18, 2024
TorchServe gRPC Port Exposure High
CVE-2024-35199 was published for torchserve (pip) Jul 18, 2024
Apache Helix Front (UI) component contained a hard-coded secret High
CVE-2024-22281 was published for org.apache.helix:helix (Maven) Aug 21, 2024
Twig has unguarded calls to `__toString()` when nesting an object into an array Low
CVE-2024-51754 was published for twig/twig (Composer) Nov 6, 2024
maantje fabpot
Twig has unguarded calls to `__isset()` and to array-accesses when the sandbox is enabled Low
CVE-2024-51755 was published for twig/twig (Composer) Nov 6, 2024
maantje nicolas-grekas
G-Rath
Exposure of resource to wrong sphere in some Intel(R) processors with Intel(R) ACTM may allow a... High Unreviewed
CVE-2024-24985 was published Nov 13, 2024
Software installed and run as a non-privileged user may conduct improper GPU system calls to gain... High Unreviewed
CVE-2024-43704 was published Nov 18, 2024
Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2 translation on A77, A78, A78C,... Critical Unreviewed
CVE-2024-5660 was published Dec 10, 2024
Dell NativeEdge, version(s) 2.1.0.0, contain(s) a Creation of Temporary File With Insecure... Moderate Unreviewed
CVE-2024-52543 was published Dec 25, 2024
nbgrader's `frame-ancestors: self` grants all users access to formgrader High
CVE-2025-23205 was published for nbgrader (pip) Jan 17, 2025
OpenShift GitOps Operator Namespace Isolation Break High
CVE-2024-13484 was published for github.com/redhat-developer/gitops-operator (Go) Jan 28, 2025
svghadi
Apache Cassandra: unrestricted deserialization of JMX authentication credentials Moderate
CVE-2024-27137 was published for org.apache.cassandra:cassandra-all (Maven) Feb 4, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database